> https://www.opb.org/news/article/npr-sounding-the-alarm- > about-a-new-russian-cyber-threat/ > > It recommends following your router manufacturer's guidance on making sure > the router is secure. It doesn't say specifically what to search for. I > have a Buffalo WZR-600DHP running OpenWrt LuCI, Attitude Adjustment 12.09. > What foo should I use to determine what version of firmware I should be > running to be reasonably secure? >
Dear God. You just linked to an HTTPS website that contains insecure content. I examined the source code for that web page, and nearly drowned in the tsunami of Javascript that filled my screen. Supposedly, the authenticity of opb.org was verified by a certificate, however there are some jpg images being displayed that were retrieved via the HTTP protocol. Looks fishy, does anybody here know who opb-imgserve-production.s3-website-us-west-2.amazonaws.com is? There are a number of images on that article page that are linked from that domain over HTTP. It's not a mistake, since they appear to be inaccessible when making the request over https://..... http://opb-imgserve-production.s3-website-us-west-2.amazonaws.com/c_limit,g_center,h_480,q_90,w_620/583fb000afffed62434e727397972932.jpg I'm not exactly sure how "bad" this is, but just to be safe I'm going to update my firmware AND stop visiting www.opb.org :-( _______________________________________________ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
